From ab45d5fbfe528704237021c006e3a7229b91d3a2 Mon Sep 17 00:00:00 2001
From: Thomas Tendyck
Date: Sun, 11 Sep 2022 16:09:05 +0200
Subject: [PATCH] tidy config

---
 cli/internal/cmd/init_test.go | 3 +-
 internal/config/config.go | 40 ++++++-------
 internal/config/config_doc.go | 106 ++++++++++++++++-----------------
 internal/config/config_test.go | 4 +-
 4 files changed, 77 insertions(+), 76 deletions(-)

diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go
index e14d46210..c2fdc9523 100644
--- a/cli/internal/cmd/init_test.go
+++ b/cli/internal/cmd/init_test.go
@@ -515,7 +515,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 	conf.Provider.Azure.UserAssignedIdentity = "test-identity"
 	conf.Provider.Azure.Image = "some/image/location"
 	conf.Provider.Azure.ResourceGroup = "test-resource-group"
-	conf.Provider.Azure.AppClientID = "test-client-secret-id"
+	conf.Provider.Azure.AppClientID = "01234567-0123-0123-0123-0123456789ab"
 	conf.Provider.Azure.ClientSecretValue = "test-client-secret"
 	conf.Provider.Azure.Measurements[4] = []byte("44444444444444444444444444444444")
 	conf.Provider.Azure.Measurements[8] = []byte("00000000000000000000000000000000")
@@ -525,6 +525,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 	conf.Provider.GCP.Project = "test-project"
 	conf.Provider.GCP.Image = "some/image/location"
 	conf.Provider.GCP.Zone = "test-zone"
+	conf.Provider.GCP.ServiceAccountKeyPath = "test-key-path"
 	conf.Provider.GCP.Measurements[4] = []byte("44444444444444444444444444444444")
 	conf.Provider.GCP.Measurements[8] = []byte("00000000000000000000000000000000")
 	conf.Provider.GCP.Measurements[9] = []byte("11111111111111111111111111111111")
diff --git a/internal/config/config.go b/internal/config/config.go
index 33537b7b9..bd6d5cf4b 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -46,7 +46,10 @@ type Config struct {
 	// Size (in GB) of a node's disk to store the non-volatile state.
 	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
 	// description: |
-	// DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
+	// Kubernetes version to be installed in the cluster.
+	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
+	// description: |
+	// DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
 	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
 	// description: |
 	// Supported cloud providers and their specific configurations.
@@ -57,9 +60,6 @@ type Config struct {
 	// - value: '[]UserKey{ { Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
 	SSHUsers []UserKey `yaml:"sshUsers,omitempty" validate:"dive"`
 	// description: |
-	// Kubernetes version installed in the cluster.
-	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
-	// description: |
 	// Configuration to apply during constellation upgrade.
 	// examples:
 	// - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
@@ -113,27 +113,27 @@ type AzureConfig struct {
 	// Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
 	Location string `yaml:"location" validate:"required"`
 	// description: |
-	// Machine image used to create Constellation nodes.
-	Image string `yaml:"image" validate:"required"`
-	// description: |
-	// Virtual machine instance type to use for Constellation nodes.
-	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
-	// description: |
-	// Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
-	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
-	// description: |
-	// Resource group to use.
+	// Resource group for the cluster's resources. Must already exist.
 	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
 	// description: |
 	// Authorize spawned VMs to access Azure API.
 	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
 	// description: |
 	// Application client ID of the Active Directory app registration.
-	AppClientID string `yaml:"appClientID" validate:"required"`
+	AppClientID string `yaml:"appClientID" validate:"uuid"`
 	// description: |
 	// Client secret value of the Active Directory app registration credentials.
 	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
 	// description: |
+	// Machine image used to create Constellation nodes.
+	Image string `yaml:"image" validate:"required"`
+	// description: |
+	// VM instance type to use for Constellation nodes.
+	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
+	// description: |
+	// Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
+	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
+	// description: |
 	// Expected confidential VM measurements.
 	Measurements Measurements `yaml:"measurements"`
 	// description: |
@@ -146,7 +146,7 @@ type AzureConfig struct {
 	// Enforce the specified idKeyDigest value during remote attestation.
 	EnforceIdKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
 	// description: |
-	// Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
+	// Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
 	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
 }
 
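Review bot: `ClientSecretValue` is a long-lived credential that sits in clear text in the config file, yet its description (kept unchanged while the neighbouring fields were reworded) reads like any other setting; the field comment should say so, e.g. `// Client secret value of the Active Directory app registration credentials. This is a secret: restrict the config file's permissions and keep it out of version control.` The switch of `AppClientID` from `required` to `uuid` is a stricter check, and on the usual validator implementations an empty string still fails the UUID pattern, so nothing is lost there; however, if the `uuid` tag is the common lowercase-hex regex, an ID pasted with uppercase hex is rejected with a generic validation error, which is worth either documenting next to the field or covering with a case-insensitive variant. The `AzureConfig` struct begins before this hunk.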
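Review bot: The new `confidentialVM` description says Trusted Launch VMs are used when the flag is false but not what that gives up; for a switch that turns off the hardware isolation the rest of this struct (measurements, `enforceIdKeyDigest`) is built around, the consequence belongs in the comment. Something like `// Use Confidential VMs. If set to false, Trusted Launch VMs are used instead; these provide Secure Boot and a vTPM but, as far as I know, no hardware memory encryption, so the cluster is not shielded from the cloud platform. See: ...` would let a reader judge the setting without following the link. The `AzureConfig` struct begins before this hunk.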
@@ -162,18 +162,18 @@ type GCPConfig struct {
 	// GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
 	Zone string `yaml:"zone" validate:"required"`
 	// description: |
+	// Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
+	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
+	// description: |
 	// Machine image used to create Constellation nodes.
 	Image string `yaml:"image" validate:"required"`
 	// description: |
-	// Virtual machine instance type to use for Constellation nodes.
+	// VM instance type to use for Constellation nodes.
 	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
 	// description: |
 	// Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
 	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
 	// description: |
-	// Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization
-	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath"`
-	// description: |
 	// Expected confidential VM measurements.
 	Measurements Measurements `yaml:"measurements"`
 	// description: |
diff --git a/internal/config/config_doc.go b/internal/config/config_doc.go
index 6dfc1dfa0..ef8b4cdbe 100644
--- a/internal/config/config_doc.go
+++ b/internal/config/config_doc.go
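Review bot: Adding `validate:"required"` to `serviceAccountKeyPath` only rejects an empty string; a mistyped path still passes validation and fails later, presumably when the key file is opened. If the validator in use supports it (go-playground's `file` tag checks that the path exists and is a regular file), `validate:"required,file"` would surface that at config-validation time, at the cost of the unit tests needing a real file, so this is a trade-off rather than a clear win. Independently, the description should say what the file is, e.g. `// Path of service account key file. The key is a long-lived credential; protect the file like a password. For required service account roles, see ...`. The `GCPConfig` struct begins before this hunk.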
@@ -45,28 +45,28 @@ func init() {
 	ConfigDoc.Fields[3].Note = ""
 	ConfigDoc.Fields[3].Description = "Size (in GB) of a node's disk to store the non-volatile state."
 	ConfigDoc.Fields[3].Comments[encoder.LineComment] = "Size (in GB) of a node's disk to store the non-volatile state."
-	ConfigDoc.Fields[4].Name = "debugCluster"
-	ConfigDoc.Fields[4].Type = "bool"
+	ConfigDoc.Fields[4].Name = "kubernetesVersion"
+	ConfigDoc.Fields[4].Type = "string"
 	ConfigDoc.Fields[4].Note = ""
-	ConfigDoc.Fields[4].Description = "DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
-	ConfigDoc.Fields[4].Comments[encoder.LineComment] = "DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
-	ConfigDoc.Fields[5].Name = "provider"
-	ConfigDoc.Fields[5].Type = "ProviderConfig"
+	ConfigDoc.Fields[4].Description = "Kubernetes version to be installed in the cluster."
+	ConfigDoc.Fields[4].Comments[encoder.LineComment] = "Kubernetes version to be installed in the cluster."
+	ConfigDoc.Fields[5].Name = "debugCluster"
+	ConfigDoc.Fields[5].Type = "bool"
 	ConfigDoc.Fields[5].Note = ""
-	ConfigDoc.Fields[5].Description = "Supported cloud providers and their specific configurations."
-	ConfigDoc.Fields[5].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
-	ConfigDoc.Fields[6].Name = "sshUsers"
-	ConfigDoc.Fields[6].Type = "[]UserKey"
+	ConfigDoc.Fields[5].Description = "DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
+	ConfigDoc.Fields[5].Comments[encoder.LineComment] = "DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
+	ConfigDoc.Fields[6].Name = "provider"
+	ConfigDoc.Fields[6].Type = "ProviderConfig"
 	ConfigDoc.Fields[6].Note = ""
-	ConfigDoc.Fields[6].Description = "Create SSH users on Constellation nodes."
-	ConfigDoc.Fields[6].Comments[encoder.LineComment] = "Create SSH users on Constellation nodes."
-
-	ConfigDoc.Fields[6].AddExample("", []UserKey{{Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com"}})
-	ConfigDoc.Fields[7].Name = "kubernetesVersion"
-	ConfigDoc.Fields[7].Type = "string"
+	ConfigDoc.Fields[6].Description = "Supported cloud providers and their specific configurations."
+	ConfigDoc.Fields[6].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
+	ConfigDoc.Fields[7].Name = "sshUsers"
+	ConfigDoc.Fields[7].Type = "[]UserKey"
 	ConfigDoc.Fields[7].Note = ""
-	ConfigDoc.Fields[7].Description = "Kubernetes version installed in the cluster."
-	ConfigDoc.Fields[7].Comments[encoder.LineComment] = "Kubernetes version installed in the cluster."
+	ConfigDoc.Fields[7].Description = "Create SSH users on Constellation nodes."
+	ConfigDoc.Fields[7].Comments[encoder.LineComment] = "Create SSH users on Constellation nodes."
+
+	ConfigDoc.Fields[7].AddExample("", []UserKey{{Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com"}})
 	ConfigDoc.Fields[8].Name = "upgrade"
 	ConfigDoc.Fields[8].Type = "UpgradeConfig"
 	ConfigDoc.Fields[8].Note = ""
@@ -172,41 +172,41 @@ func init() {
 	AzureConfigDoc.Fields[2].Note = ""
 	AzureConfigDoc.Fields[2].Description = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
 	AzureConfigDoc.Fields[2].Comments[encoder.LineComment] = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
-	AzureConfigDoc.Fields[3].Name = "image"
+	AzureConfigDoc.Fields[3].Name = "resourceGroup"
 	AzureConfigDoc.Fields[3].Type = "string"
 	AzureConfigDoc.Fields[3].Note = ""
-	AzureConfigDoc.Fields[3].Description = "Machine image used to create Constellation nodes."
-	AzureConfigDoc.Fields[3].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
-	AzureConfigDoc.Fields[4].Name = "instanceType"
+	AzureConfigDoc.Fields[3].Description = "Resource group for the cluster's resources. Must already exist."
+	AzureConfigDoc.Fields[3].Comments[encoder.LineComment] = "Resource group for the cluster's resources. Must already exist."
+	AzureConfigDoc.Fields[4].Name = "userAssignedIdentity"
 	AzureConfigDoc.Fields[4].Type = "string"
 	AzureConfigDoc.Fields[4].Note = ""
-	AzureConfigDoc.Fields[4].Description = "Virtual machine instance type to use for Constellation nodes."
-	AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Virtual machine instance type to use for Constellation nodes."
-	AzureConfigDoc.Fields[5].Name = "stateDiskType"
+	AzureConfigDoc.Fields[4].Description = "Authorize spawned VMs to access Azure API."
+	AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API."
+	AzureConfigDoc.Fields[5].Name = "appClientID"
 	AzureConfigDoc.Fields[5].Type = "string"
 	AzureConfigDoc.Fields[5].Note = ""
-	AzureConfigDoc.Fields[5].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
-	AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
-	AzureConfigDoc.Fields[6].Name = "resourceGroup"
+	AzureConfigDoc.Fields[5].Description = "Application client ID of the Active Directory app registration."
+	AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Application client ID of the Active Directory app registration."
+	AzureConfigDoc.Fields[6].Name = "clientSecretValue"
 	AzureConfigDoc.Fields[6].Type = "string"
 	AzureConfigDoc.Fields[6].Note = ""
-	AzureConfigDoc.Fields[6].Description = "Resource group to use."
-	AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Resource group to use."
-	AzureConfigDoc.Fields[7].Name = "userAssignedIdentity"
+	AzureConfigDoc.Fields[6].Description = "Client secret value of the Active Directory app registration credentials."
+	AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Client secret value of the Active Directory app registration credentials."
+	AzureConfigDoc.Fields[7].Name = "image"
 	AzureConfigDoc.Fields[7].Type = "string"
 	AzureConfigDoc.Fields[7].Note = ""
-	AzureConfigDoc.Fields[7].Description = "Authorize spawned VMs to access Azure API."
-	AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API."
-	AzureConfigDoc.Fields[8].Name = "appClientID"
+	AzureConfigDoc.Fields[7].Description = "Machine image used to create Constellation nodes."
+	AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
+	AzureConfigDoc.Fields[8].Name = "instanceType"
 	AzureConfigDoc.Fields[8].Type = "string"
 	AzureConfigDoc.Fields[8].Note = ""
-	AzureConfigDoc.Fields[8].Description = "Application client ID of the Active Directory app registration."
-	AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Application client ID of the Active Directory app registration."
-	AzureConfigDoc.Fields[9].Name = "clientSecretValue"
+	AzureConfigDoc.Fields[8].Description = "VM instance type to use for Constellation nodes."
+	AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
+	AzureConfigDoc.Fields[9].Name = "stateDiskType"
 	AzureConfigDoc.Fields[9].Type = "string"
 	AzureConfigDoc.Fields[9].Note = ""
-	AzureConfigDoc.Fields[9].Description = "Client secret value of the Active Directory app registration credentials."
-	AzureConfigDoc.Fields[9].Comments[encoder.LineComment] = "Client secret value of the Active Directory app registration credentials."
+	AzureConfigDoc.Fields[9].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
+	AzureConfigDoc.Fields[9].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
 	AzureConfigDoc.Fields[10].Name = "measurements"
 	AzureConfigDoc.Fields[10].Type = "Measurements"
 	AzureConfigDoc.Fields[10].Note = ""
@@ -230,8 +230,8 @@ func init() {
 	AzureConfigDoc.Fields[14].Name = "confidentialVM"
 	AzureConfigDoc.Fields[14].Type = "bool"
 	AzureConfigDoc.Fields[14].Note = ""
-	AzureConfigDoc.Fields[14].Description = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
-	AzureConfigDoc.Fields[14].Comments[encoder.LineComment] = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[14].Description = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[14].Comments[encoder.LineComment] = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
 
 	GCPConfigDoc.Type = "GCPConfig"
 	GCPConfigDoc.Comments[encoder.LineComment] = "GCPConfig are GCP specific configuration values used by the CLI."
@@ -258,26 +258,26 @@ func init() {
 	GCPConfigDoc.Fields[2].Note = ""
 	GCPConfigDoc.Fields[2].Description = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
 	GCPConfigDoc.Fields[2].Comments[encoder.LineComment] = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
-	GCPConfigDoc.Fields[3].Name = "image"
+	GCPConfigDoc.Fields[3].Name = "serviceAccountKeyPath"
 	GCPConfigDoc.Fields[3].Type = "string"
 	GCPConfigDoc.Fields[3].Note = ""
-	GCPConfigDoc.Fields[3].Description = "Machine image used to create Constellation nodes."
-	GCPConfigDoc.Fields[3].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
-	GCPConfigDoc.Fields[4].Name = "instanceType"
+	GCPConfigDoc.Fields[3].Description = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
+	GCPConfigDoc.Fields[3].Comments[encoder.LineComment] = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
+	GCPConfigDoc.Fields[4].Name = "image"
 	GCPConfigDoc.Fields[4].Type = "string"
 	GCPConfigDoc.Fields[4].Note = ""
-	GCPConfigDoc.Fields[4].Description = "Virtual machine instance type to use for Constellation nodes."
-	GCPConfigDoc.Fields[4].Comments[encoder.LineComment] = "Virtual machine instance type to use for Constellation nodes."
-	GCPConfigDoc.Fields[5].Name = "stateDiskType"
+	GCPConfigDoc.Fields[4].Description = "Machine image used to create Constellation nodes."
+	GCPConfigDoc.Fields[4].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
+	GCPConfigDoc.Fields[5].Name = "instanceType"
 	GCPConfigDoc.Fields[5].Type = "string"
 	GCPConfigDoc.Fields[5].Note = ""
-	GCPConfigDoc.Fields[5].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
-	GCPConfigDoc.Fields[5].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
-	GCPConfigDoc.Fields[6].Name = "serviceAccountKeyPath"
+	GCPConfigDoc.Fields[5].Description = "VM instance type to use for Constellation nodes."
+	GCPConfigDoc.Fields[5].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
+	GCPConfigDoc.Fields[6].Name = "stateDiskType"
 	GCPConfigDoc.Fields[6].Type = "string"
 	GCPConfigDoc.Fields[6].Note = ""
-	GCPConfigDoc.Fields[6].Description = "Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization"
-	GCPConfigDoc.Fields[6].Comments[encoder.LineComment] = "Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization"
+	GCPConfigDoc.Fields[6].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
+	GCPConfigDoc.Fields[6].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
 	GCPConfigDoc.Fields[7].Name = "measurements"
 	GCPConfigDoc.Fields[7].Type = "Measurements"
 	GCPConfigDoc.Fields[7].Note = ""
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index fb7e9f8fa..dc8542697 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -23,8 +23,6 @@ import (
 	"go.uber.org/goleak"
 )
 
-const defaultMsgCount = 13 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
-
 func TestMain(m *testing.M) {
 	goleak.VerifyTestMain(m)
 }
@@ -160,6 +158,8 @@ func TestFromFileStrictErrors(t *testing.T) {
 }
 
 func TestValidate(t *testing.T) {
+	const defaultMsgCount = 14 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
+
 	testCases := map[string]struct {
 		cnf          *Config
 		wantMsgCount int
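Review bot: Scoping `defaultMsgCount` to `TestValidate` is a good move, but the bump from 13 to 14 shows the weakness of the assertion it feeds: the test only counts validation errors, so every new or loosened tag (here, presumably the `required` added to `serviceAccountKeyPath`) needs a magic-number edit, and an unrelated field silently dropping out of validation would go unnoticed as long as another one takes its place in the total. Asserting on the set of failing field names — collecting them from the validation errors, if the validator exposes them, and comparing against an expected slice — would pin what fails rather than how many, and would not need this comment to explain where 14 comes from. The `TestValidate` body continues past the end of the hunk.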